Flux domain, also referred to as fast flux or domain flux, is an evasion technique used by cyber-criminals and other Internet miscreants to avoid identification and to frustrate law-enforcement and anti-cybercrime efforts aimed at locating and shutting down web sites used for illegal, improper, or unauthorized purposes.
In a flux network, nodes (typically systems compromised by malware) act as proxy servers that a flux domain points to through a DNS server. Because the DNS data can be changed very rapidly, cyber-criminals can delay or evade detection and mitigation of their activities. The main purpose of domain flux is to hide the true delivery sites used by, for example, malware or scam operators behind a large number of relatively short-lived Internet Protocol (IP) addresses that are swapped in and out of the domain's DNS record. This is often referred to as single-flux. The same mechanism can also be applied to the domain's DNS name servers, which is referred to as double-flux.
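The single-flux and double-flux patterns described above can be spotted in passive-DNS data by counting how many distinct A and NS records a domain cycles through and how short its TTLs are. The following is an added example, not code from the original text: the observations are constructed, the domains are placeholders, and the thresholds (`min_ips`, `max_ttl`) are illustrative assumptions rather than established values.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (timestamp_s, qname, rtype, rdata, ttl).
# "flux.example" rotates both its A records and its name servers (double-flux);
# "static.example" keeps one address and one name server with a long TTL.
OBSERVATIONS = [
    (0,   "flux.example",   "A",  "198.51.100.10",    180),
    (0,   "flux.example",   "NS", "ns1.flux.example", 300),
    (200, "flux.example",   "A",  "203.0.113.22",     180),
    (200, "flux.example",   "NS", "ns2.flux.example", 300),
    (400, "flux.example",   "A",  "192.0.2.77",       120),
    (400, "flux.example",   "NS", "ns3.flux.example", 300),
    (600, "flux.example",   "A",  "198.51.100.91",    120),
    (0,   "static.example", "A",  "192.0.2.1",        86400),
    (0,   "static.example", "NS", "ns1.static.example", 86400),
    (600, "static.example", "A",  "192.0.2.1",        86400),
]


def summarize(observations):
    """Collect, per domain, the distinct A and NS rdata seen and every TTL observed."""
    per_domain = defaultdict(lambda: {"A": set(), "NS": set(), "ttls": []})
    for _, qname, rtype, rdata, ttl in observations:
        if rtype in ("A", "NS"):
            per_domain[qname][rtype].add(rdata)
            per_domain[qname]["ttls"].append(ttl)
    return per_domain


def classify(summary, min_ips=3, max_ttl=600):
    """Label each domain 'single-flux', 'double-flux' or 'stable'.

    Heuristic (assumed thresholds): many distinct A records plus consistently
    short TTLs indicates single-flux; if the NS set also rotates, double-flux.
    """
    labels = {}
    for qname, s in summary.items():
        short_ttl = bool(s["ttls"]) and max(s["ttls"]) <= max_ttl
        many_ips = len(s["A"]) >= min_ips
        rotating_ns = len(s["NS"]) >= 2
        if many_ips and short_ttl and rotating_ns:
            labels[qname] = "double-flux"
        elif many_ips and short_ttl:
            labels[qname] = "single-flux"
        else:
            labels[qname] = "stable"
    return labels


if __name__ == "__main__":
    for name, label in sorted(classify(summarize(OBSERVATIONS)).items()):
        print(f"{name}: {label}")
```

Legitimate CDNs and load balancers also rotate addresses with short TTLs, so in practice this score is a triage signal to combine with address diversity across networks and domain age, not a verdict on its own.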